Cryptographic electronic gift certificate cross-reference to related applications

ABSTRACT

A software system that produces secure and easy to distribute electronic gift certificates. Electronic gift certificates that are electronically signed ( 18 ) using the certificate issuer&#39;s public and private electronic signature keys. The keys are based on Public Key Infrastructure algorithms such as Diffie-Hellman or RSA U.S. Pat. No. 4,405,829. Issuers of these certificates will have established relationships with vendors, entities who will exchange goods/services for the face value of the certificate. The issuer&#39;s public key, which is used to validate a certificate, is sent to vendors ( 35 ). When a certificate recipient presents the certificate to the vendor for redemption ( 43 ), the software uses the issuer&#39;s public key that was given to the vendor to validate the certificate ( 40 ). The vendor software submits the redeemed certificate to the issuer ( 44 ) so that the vendor can be reimbursed.

CROSS-REFERENCE TO RELATED APPLICATIONS

Not applicable.

BACKGROUND

1. Field of Invention

This invention relates to electronic gift certificates that isdistributed over public and private computer networks.

2. Background of the Invention

In recent years there has been a large increase in electronic commerceover open networks such as the Internet; With so many websites offeringsimilar products and services, it is becoming increasingly, moredifficult for websites to distinguish themselves. One way to increaseInternet customer and website visitor retention is to offer incentives.One such incentive involves the giving of electronic gift certificates.Many companies offer gift certificates that involve sending an email tothe certificate recipient. This email usually contains the monetaryvalue of the certificate and a password and optionally a serial numberthat the recipient must enter when redeeming the certificate at thecertificate vendor website.

An example of how it currently works is explained by this example. If Iwanted to offer one thousand dollars in electronic gift certificates toone hundred of my customers with each receiving a ten dollarscertificate, I would go to a vendor such as Amazon.com and purchase thehundred gift certificates for a thousand dollars. Amazon woulddistribute the gift certificates to my customers. My customer is thenable to go to Amazon's web site and redeem the certificate by enteringthe appropriate password and or Serial number. I would never knowwhether or not a certificate has been redeemed. Amazon would benefitfrom any unredeemed certificates since they were all previously paidfor. The vendor (Amazon.com) is in full control of the process.

The electronic gift and rebate certificates of this invention differfrom other gift and rebate certificates by allowing the issuing companyto retain the savings from any unredeemed certificates. To accomplishthis, the software of this invention is used to generate thecertificates. The certificates of this invention are data that has beenelectronically signed. The electronic signing of the certificate datauses a public private key encryption algorithm. One such algorithm isdescribed in U.S. Pat. No. 4,405,829 issued to Ronald Rivest, AdiShamir, and Leonard Adleman. Other public key algorithms such asDiffie-Hellman Algorithm may also be used.

In Public/private key encryption algorithms, the public and private keyshave opposite roles. The private key is used to encrypt data that canonly be decrypted with its corresponding public key. The keys aregenerated together and neither key can be substituted or changed. Thepublic key is usually distributed while the private key is not revealed.

Our software requires at least two sets of public private keys togenerate certificates. The first set of public keys belongs to the datareviewer. The Reviewer must first review the information that will beused to generate the certificate such as the name of the receiver, thedollar amount, expiration dates, etc. Once the reviewer is satisfiedwith the accuracy of the information, the reviewer uses his or herprivate key to sign the data file. The file is then handed off to theIssuer. The Issuer is the person who uses his or her private key togenerate the certificates. The public key of the Reviewer is installedon the Issuer's computer. The software uses the installed Reviewer'spublic key to verify that the reviewer signed the file and that the filewas not altered after it was signed. The Issuer after reviewing the fileto his or her satisfaction uses his or her private key to generate theelectronic gift certificates. The certificates are then uploaded to acomputer server for distribution. Included with each certificate is theIssuers public key.

The Issuers public key is also distributed to the vendors to be used bythem to verify the authenticity of certificates presented to them forredemption. This includes verifying that the Issuer signed thecertificate. The Issuer's public key is encrypted before distribution toprevent substitution. The encrypted public key is distributed separatelyfrom the password. The Issuer's public key is also installed on thecomputer server where vendors will send the certificates that have beenredeemed for reimbursement. A vendor is reimbursed after the certificateis authenticated with the Issuer's public key.

The vendor checks a certificate by comparing the public key included inthe certificate with that of the Issuers. If the public keys match thevendor uses the public key to decrypt the certificate. If the decrypteddata is formatted correctly, the certificate is accepted. If encrypteddata was modified or the public key was substituted the decryptedcertificate output will not be formatted correctly and would containextraneous data. The Issuers's computer server makes a similar checkwhen the certificate is presented for reimbursement. Prior arrangementsmust be made with vendors for credit lines since vendors are supplyinggoods or services before payment is received.

Both the Reviewer and the Approver work for or on behalf of thecertificate issuer.

To facilitate ease of use we have adopted XML as the preferred means ofpackaging the data elements of a certificate. We have also adopted theW3C (world wide web consortium) electronic signature specification asone means of packaging an electronic gift certificate. Thisspecification is based on the public private key (PKI) encryptiontechnology. We have added additional data elements to the electronicsignature to accommodate the needs of a gift certificate. Moreinformation on W3C electronic signatures can be found at the web addresshttp://www.w3.org/Signature/

SUMMARY

It is an object of this invention to allow companies, individuals andother entities to generate and issue electronic gift certificates thatcan be redeemed at participating vendors websites or companies and ifthe certificate is not redeemed, retain the monies that would haveotherwise gone to a vendor had the issuer purchased the certificatesfrom a vendor.

Additionally, this invention enables electronic gift certificate issuersto issue electronic gift certificates that are redeemable at othercompanies' websites.

Additionally, this invention allows companies to participate in crosspromotion of their business through the use of encrypted electronic giftcertificate without the large risk involved with traditional passwordimplemented electronic gift certificates where an unauthorized personcould gain access to its password.

Objects and Advantages

Accordingly, beside the objects and advantages of the electronic giftcertificate described in my above patent application description,several objects and advantages are

-   -   to provide a secure means for companies, individuals and        institutions to generate and issue electronic gift certificates        that are redeemable at vendors that do not require the use of        passwords;

Provide a means to detect if a certificate has been altered usingPKI-Public Private key encryption;

-   -   to provide the means where by the certificate issuer retains the        value of all unredeemed electronic gift certificates instead of        the vendor by requiring a certificate to be presented before the        vendor is reimbursed;    -   to reduce the possibility of fraud by requiring both a reviewer        and an Issuer to sign off on the content data that is used to        generate electronic gift certificates;    -   to increase the ease of use by eliminating the need of the        certificate recipient to memorize a password or serial number        needed in traditional password certificates;    -   to provide a better means of controlling financial obligations        resulting from the issuing of electronic gift certificates by        including an expiration date that sets a specific exposure        period;    -   to provide increased security by requiring the Reviewer and        Issuer to change their public and private keys frequently thus        reducing the chances that the keys used to generate the        certificates will be compromised;    -   to provide a means whereby the software used to process the        redeemed certificates is provided to the vendors at little or no        cost there by reducing the time needed to integrate the        processing of the electronic gift certificates and increasing        the likelihood that the vendor will participate in the process;

Further objects and advantages are the reduced cost of implementing thesystem described in this invention, which consist primarily ofinstalling software. Taking advantage of most existing computer networksincluding the Internet will further reduce the implementation cost.Further objects and advantages will become apparent from a considerationof the ensuing descriptions and drawings.

DRAWINGS FIGURES

FIG. 1 shows the process of generating and distributing electronic giftcertificates.

FIG. 2 shows how and to whom the public keys of the certificate datareviewer and the certificate data Issuer (certificate generator) aredistributed.

FIG. 3 shows a customer redeeming an electronic gift certificate forgoods and services and the vendor submitting the electronic giftcertificate for reimbursement.

REFERENCE NUMERALS IN DRAWINGS

-   10 The certificate data including name of recipient, value of    certificate, expiration date etc, which will be used to later    generate the certificates-   12 The certificate data being reviewed before being electronically    signed (encrypted with private key) by the reviewer-   14 The reviewer signed certificate data being sent to the    certificate data approval person-   16 Software uses reviewer's public key to ensure file has not been    altered after signing, upon Issuer's satisfaction of the accuracy of    the certificate information the certificates are generated and    signed using the Issuer's private key-   18 Signed certificates are sent to issuer's server software for    distribution-   19 Certificates are emailed as an attachment to the customer    (recipient)-   20 Issuers server software distributes certificates as email file    attachments or a link to the certificate on the web server software    where customer can download certificate-   22 Customer receives the certificate as an attachment or downloads    the certificate using the link to the certificate in the email-   24 Certificates are stored for later comparison before being    reimbursed-   30 Certificate data reviewer exports public key after generating it    on their software-   31 Reviewers public key encrypted with a password after exporting-   32 Issuer enters password that is used to decrypt reviewers public    key before importing it-   33 Certificate data Issuer and certificate generator, exports public    key after generating it on their software-   34 Issuer's public key encrypted with a password is exported as a    file-   35 Issuers public key is imported onto the vendor's computer to be    used to verify certificates that are redeemed-   36 Issuers public key is imported onto the issuer's computer to be    used to verify certificates that are presented for reimbursement-   40 Vendor where customer will redeem electronic gift certificate-   41 The vendor renders Goods or services-   42 Customer having electronic gift certificate on his or her    computer-   43 Customer uploads electronic gift certificate file to vendor as    payment-   44 Vendor presents customers electronic gift certificate for    reimbursement to certificate issuer-   45 Certificate issuer verifies certificate with Issuer's public key    and reimburses vendor.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring now to FIG. 1 to FIG. 3, one embodiment of a decryption keymanagement scheme for a software distribution system according to thepresent invention will be described in detail.

FIG. 1 shows the process of generating electronic gift certificates thatare superior to password electronic gift certificates. A reviewerreviews the data that will be used as the basis of the certificates.Once the reviewer is satisfied with the accuracy of the information thereviewer electronically signs (encrypts the data using his or herprivate key) before sending it to the Issuer. The software the Issuer isusing verifies the signed data using the public key of the reviewerbefore allowing the Issuer to generate and sign the certificates. If theIssuer is satisfied with the accuracy of the information the Issuergenerates and sign the certificates using his or her private key. Thecertificates are then distributed by email or sent to a computer wherethe certificates are distributed.

FIG. 2 shows how and to whom public keys are exported. The public key ofthe reviewer is exported in an encrypted file and sent to the Issuer.The encrypted public key file and the password used to decrypt it aresent by two different channels to reduce the security risk. The Issuer'spublic key is exported in an encrypted file and is installed on thevendor's and the issuers' computers.

FIG. 3 shows a customer redeeming an electronic gift certificate forgoods and services. The certificate is residing on the customer'scomputer in a electronically signed file. When the certificate ispresented to the vendor, the vendor uses the public key of the Issuer toverify the integrity of the certificate. If the certificate has not beenaltered the certificate is presented to the issuer for reimbursement. Ifthe issuer using the Issuer's public key verifies the certificate thevendor is reimbursed the value of the certificate.

Advantages

From the description above, a number of advantages of the electronicgift certificates become evident;

When implementing electronic incentive certificates it is more costeffective for the certificate issuer to manage the certificate issuanceand distribution process instead of relying on vendors since unredeemedcertificates do not cost the issuer any money whereas if the vendorissued the certificates the vendor would be the one reaping the benefitsof any unredeemed certificates.

Electronic certificates that are created using public private keys aremore secure than paper certificates which can be easily modified toreflect a higher value or longer expiration date.

Issuers can issue certificates that are redeemable at other vendorswebsite or companies.

The posibility for fraud is reduced because a minimum of two individualsare required to review the file that is used to generate thecertificate.

The certificate recipient does not have to remember passwords or serialnumbers which makes these electronic incentive certificates easier touse than those requiring passwords.

Vendors can redeem a certificate without having to send it to the issuerfor authentication.

Issuers can set up cross marketing opportunities with with vendors.

The software of this invention when used by the vendor has the abilityto set limits on the amount of money the vendor is prepared to advanceto the issuer over a specific period of time thereby limiting thefinancial exposure of the vendor.

The time to create and distribute certificates is much shorter than thatrequired for paper certificates

The cost of producing and distributing the electronic certificates ofthis invention is less than the cost of producing and distributingsimilar value paper certificates because the distribution and redemptionof the certificates of this invention is don by computers instead of thehumans required by paper certificates.

Operation

Generating electronic gift certificates require two sets of publicprivate encryption keys pairs to be created. One key pair belongs to thereviewer and the other to the certificate issuer. To electronically signan electronic gift certificate the private key of issuer is to encryptcertificate data. To verify a certificate the corresponding public keyis used to decrypt the certificate which is then checked for content andformat. If the decrypted file is formatted correctly the verificationpasses.

First, someone working for the certificate Issuer prepares a filecontaining the names, email addresses, monetary value, expiration date,etc of each certificate. The file is then sent to a reviewer who reviewsif for accureacy. If the file is accurate the reviewer uses his orprivate encryption key to electronically sign the file. The reviewerthen sends the signed file to an Issuer who will also review the filefor accuracy before generating and signing each electronic signatureusing his or her private key.

Before the Issuer is allowed to generate and sign each certificate, theIssuer's software uses the reviewer's matching public key that isinstalled on the Issuers computer to verify that the signed file has notbeen altered. After generating the certificates they are distributedelectronically to the recipients.

The public key of the certificate generator/Issuer is distributed tovendors and is also installed on the issuers computer where vendors willpresent redeemed certificates for reimbursement. Before a certificate isreimbursed it is verified using the Issuer's public key. The vendorsalso uses the Issuers public key to verify that the certificate has notbeen altered before redeeming it.

Conclusion, Ramifications and Scope

Accordingly, the reader will see that our encrypted electronic giftcertificate is more secure and economical to use that traditionalpassword based electronic gift certificates. It has additionaladvantages in that

It does not require the installation of additional hardware so it can beused on most computer with not modifications necessary;

Encrypting each certificate significantly reduces the chance of it beingaltered;

It has built in expiration date allowing the issuer to control thelifespan of a certificate and thus control their financial exposure(obligation);

A multitude of different public private encryption algorithm can be usedto implement the cryptographic functions such as RSA from RSA SecurityInc;

Vendors can verify an electronic gift certificate that is being redeemedwithout contacting the issuer, allowing certificates to be redeemed evenwhen no communication is possible with the issuer;

Certificate issuer retains savings when an issued certificate is notredeemed;

Certificate recipients do not have to memorize password or serialnumbers making our electronic gift certificates easier to use thancertificate implemented using passwords;

1. A method for creating electronic gift certificates involving at leastone computer, is created from electronically signing data representing amonetary value, an expiration date, the name of the recipient, serialnumber, currency type or any other relevant data using a public privatekey encryption algorithm:
 2. The method of claim 1 wherein saidencryption algorithm is based on the public key infrastructure (PKI)standard including such algorithms as RSA public key encryption from RSASecurity Inc.
 3. The method of claim 1 wherein said data is sent to areviewer as an electronic file or data stream or any other convenientmeans of packaging data, to be reviewed for accuracy after which saidreviewer having determined the information to be accurate uses reviewersown private key, electronically sign said data.
 4. The method of claim 3wherein said signed data is sent to the Issuer where said data is againreviewed for accuracy before said Issuer using his or her private keygenerates and electronically signs or encrypts each electronic giftcertificates.
 5. The method of claim 4 wherein said reviewer or Issuermay include a person or computerized system.
 6. The method of claim 4wherein said certificates are distributed to recipients by various meansincluding as an attachment in an email, downloaded form a web server ordownloaded from a web server using a link in an email to locate thecertificate.
 7. The method of claim 6 wherein said recipients presentsaid certificates electronically to designated vendors as payment forgoods or services.
 8. The method of claim 7 where said vendors use thepublic key of said certificate Issuer, verifies the authenticity of saidcertificates before providing goods or service.
 9. The method of claim 8wherein said vendors certificate verification includes checking thecontent and format of the decrypted output of said electronic giftcertificate after decrypting it with the issuers public key.
 10. Themethod of claim 9 wherein certificates passing said verification isredeemed before being submitted to the certificate issuer forreimbursement.
 11. The method of claim 10 wherein said issuer willreimburse said vendors only if said certificate passes verificationusing the Issuers public key.
 12. The method of claim 4 wherein saidissuer using the public key of said reviewer verify that the data wassigned by said reviewer and has not been altered, before said issuer isallowed to generate any electronic gift certificates.
 13. The method ofclaim 1 wherein said electronic gift certificates utilizes the worldwide web consortium (W3C) organization electronic signature XMLspecification as one means of encapsulating the electronic giftcertificate.
 14. The method of claim 13 wherein said XML specificationis modified sufficiently to accommodate the additional data elementsneeded in an electronic gift certificate.
 15. The method of claim 4wherein the public key of said Issuer is distributed by secure meansincluding encrypting said public key with a password, to relevantparties including vendors or computer systems, thereby providing saidparties the ability to verify electronic gift certificates issued bysaid Issuer.
 16. The method of claim 1 wherein savings from anyunredeemed or expired gift certificates are retained by the certificateissuer.
 17. The method of claim 4 whereby the certificate issuerestablishes sufficient credit with vendors where certificates will beredeemed to cover the cost of redeemed certificates before the vendorsare reimbursed.
 18. The method of claim 5 wherein said certificateissuers and said reviewer may have their responsibilities combinedthereby requiring the use of one set of public private key pair.
 19. Themethod of claim 1 wherein said certificate may be used as an electronicrebate check.
 20. The method of claim 4 wherein said certificate mayinclude a password whereby software can be used to force the certificaterecipient to enter said password before said certificate can bepresented to any vendor for redemption.